SQLi in XIPBlog Prestashop Module CVE-2023-27847

This is a belated stub post about SQLi vulnerabilities I found in XIPBlog (a Prestashop module developed by Xpert-Idea) back in 2021.

The technical details are available on the advisory here.

Timeline

| Date | Action |
|------|--------|
| 22/06/2021 | Issue discovered during a pentest |
| 26/06/2021 | Submitted a pull request on their GitHub repo |
| 09/02/2022 | Pull request accepted |
| 02/12/2022 | 202-ecommerce found the same vulnerability independently |
| 15/02/2023 | 202-ecommerce contacted me, offering to handle the CVE application for this bug as I hadn't done so |
| 15/02/2023 | Number CVE-2022-31101 assigned |
| 23/03/2023 | Vulnerability disclosed in Friends of Presta advisory |
| 03/08/2023 | Blog post released |